Startup takes the fight to the hackers

Sept. 26, 2013

Updated Sept. 27, 2013 10:13 a.m.

George Kurtz is president and CEO of Irvine-based Crowdstrike, a cyber security firm that recently received $30 million in funding to build out a new online security system that tries to actively identify hacking groups and their mode of operation in order to make it harder for them to attack in the future. (Photo: JOSHUA SUDOCK, ORANGE COUNTY REGISTER)

In one of the more dramatic presentations at this year’s RSA Conference in San Francisco, a researcher from Irvine-based startup Crowdstrike took down a malicious computer “botnet.” He showed, in real time, how he could trick thousands of networked machines – which had been infected with code to spit out annoying and profitable e-mail spam – to stop talking with their corrupted peers.

Operators of the network, known as Kelihos C, had a new version of it pushed out to computers within hours. Still, it was a rare example of going beyond just protecting a computer network to actually take the fight to the hackers.

That kind of aggressive security approach serves as a potent sales pitch for Crowdstrike, whose logo is a bird of prey swooping in on a hapless victim. It’s also proved attractive to venture capitalists, who have pumped nearly $60 million into the 2-year-old company and helped it recruit a roster of experts from information-security giants and the Federal Bureau of Investigation.

Crowdstrike is one of several companies formed to attack “advanced persistent threats.” These are coordinated, multiyear efforts to break into a company or government’s systems.

Earlier this year, China-based hacking group Comment Crew entered the spotlight when Crowdstrike competitor Mandiant linked the group to a number of intrusions into American companies. Crowdstrike was also tracking the Chinese hackers. Reports said the group was involved in high-profile hacks at EMC and its RSA security division in 2011, as well as Coca-Cola in 2009.

Security experts say hackers are so committed to breaking in that it isn’t a question of whether they’ll get in but when, and how much damage they’ll do once they’re inside.

“You need new techniques,” said Bloomberg Industries software analyst Mandeep Singh. “Advanced persistent threats are a new way hackers are attacking the corporate environment.”

Two of the biggest players, Milpitas-based FireEye (which went public last week) and Virginia-based Mandiant, each claim roughly one third of the Fortune 100 companies as customers.

Crowdstrike is a relative newcomer. The company was founded in November 2011 by George Kurtz, Dmitri Alperovitch and Gregg Marston. Kurtz, the CEO, and Alperovitch came from McAfee, maker of the ubiquitous PC antivirus software. McAfee bought Kurtz’s Orange County cyber-security company for $86 million in 2004.

Crowdstrike now has more than 100 employees, including 25 in Orange County. It doesn’t discuss customers, though one of the world’s largest banks is listed on a bell that hangs outside Kurtz’s office. The bell is rung with each new sale of the security packages, which start at $25,000.

A second round of investment earlier this month will go toward expanding the company’s engineering, sales and marketing teams. It may also help Crowdstrike acquire smaller companies in an eventual bid for a public offering or a sale.

Kurtz uses real-world scenarios to drive home the need for a new approach to corporate data security. Instead of focusing on blocking known bits of computer code that pry open a system for pillaging, as McAfee does, Crowdstrike focuses on the groups behind the hacking and their methods.

If it were your home being broken into, Kurtz suggested, the first thing you'd want to know is "who has broken into my home and are they still there?" Existing security systems, he said, amount to little more than changing the locks.

"It's absurd we don't do in the electronic world what we do in the real world," Kurtz said.
